NukeViet\Core\Request::filterAttr PHP Метод

filterAttr() приватный Метод

Request::filterAttr()
private filterAttr ( mixed $attrSet )
$attrSet mixed
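    /**
     * Filter raw HTML attribute strings against the configured deny rules.
     *
     * Each entry is split on the first "=" into a name and an optional value.
     * An attribute is dropped when:
     *  - its name contains no ASCII letter, is listed in $this->disabledattributes,
     *    or starts with "on" (inline event handlers);
     *  - its value, either as given or after $this->unhtmlentities() plus keyword
     *    de-obfuscation, contains a blocked keyword or a call to one of the
     *    functions named in $this->disablecomannds.
     * Surviving attributes are returned as 'name=[@{value}@]' strings; a bare
     * attribute (no value, or an empty one) gets its own name as its value.
     *
     * NOTE(review): this is a denylist filter, so anything not listed passes.
     * The name test only requires one letter somewhere in the name rather than
     * validating the whole name; consider an allowlist of attribute names and
     * URL schemes as the primary control - confirm against the callers.
     *
     * @param mixed $attrSet List of "name=value" or bare "name" strings; a non-array yields an empty result.
     * @return array Filtered attributes in 'name=[@{value}@]' form.
     */
    private function filterAttr($attrSet)
    {
        $newSet = array();
        if (!is_array($attrSet)) {
            return $newSet;
        }

        // Matched case-insensitively: the normalisation map below only lower-cases
        // the words it lists, so the other keywords must not depend on input case.
        $blockedKeywords = '/(expression|javascript|behaviour|vbscript|mocha|livescript)(\\:*)/i';

        // Entries of disablecomannds are inserted into the pattern unquoted, i.e. they are
        // treated as regex fragments. NOTE(review): presumably trusted configuration - verify.
        $blockedCalls = empty($this->disablecomannds) ? '' : '#(' . implode('|', $this->disablecomannds) . ')(\\s*)\\((.*?)\\)#si';

        // Collapses keywords written with embedded whitespace or in mixed case to their plain form.
        $search = array(
            'javascript' => '/j\\s*a\\s*v\\s*a\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t/si',
            'vbscript' => '/v\\s*b\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t/si',
            'script' => '/s\\s*c\\s*r\\s*i\\s*p\\s*t/si',
            'applet' => '/a\\s*p\\s*p\\s*l\\s*e\\s*t/si',
            'alert' => '/a\\s*l\\s*e\\s*r\\s*t/si',
            'document' => '/d\\s*o\\s*c\\s*u\\s*m\\s*e\\s*n\\s*t/si',
            'write' => '/w\\s*r\\s*i\\s*t\\s*e/si',
            'cookie' => '/c\\s*o\\s*o\\s*k\\s*i\\s*e/si',
            'window' => '/w\\s*i\\s*n\\s*d\\s*o\\s*w/si'
        );

        foreach ($attrSet as $rawAttr) {
            if (!$rawAttr) {
                continue;
            }

            $attrSubSet = array_map('trim', explode('=', trim($rawAttr), 2));
            $attrName = strtolower($attrSubSet[0]);
            // A bare attribute has no second element; reading it directly raised an
            // "undefined offset/array key" notice in the original fallback branch.
            $attrValue = isset($attrSubSet[1]) ? $attrSubSet[1] : '';

            if (!preg_match('/[a-z]+/i', $attrName) || in_array($attrName, $this->disabledattributes) || preg_match('/^on/i', $attrName)) {
                continue;
            }

            if (!empty($attrValue)) {
                // Normalise spacing and quoting before any keyword check.
                $attrValue = preg_replace('/[ ]+/', ' ', $attrValue);
                $attrValue = preg_replace("/^\"(.*)\"\$/", "\\1", $attrValue);
                $attrValue = preg_replace("/^\\'(.*)\\'\$/", "\\1", $attrValue);
                $attrValue = str_replace(array('"', '&quot;'), "'", $attrValue);

                // First pass: the value as written.
                if (preg_match($blockedKeywords, $attrValue)) {
                    continue;
                }
                if ($blockedCalls !== '' && preg_match($blockedCalls, $attrValue)) {
                    continue;
                }

                // Second pass: the entity-decoded, de-obfuscated form, so encoded or
                // spaced-out spellings are judged by the same rules.
                $value = $this->unhtmlentities($attrValue);
                $value = preg_replace(array_values($search), array_keys($search), $value);
                if (preg_match($blockedKeywords, $value)) {
                    continue;
                }
                if ($blockedCalls !== '' && preg_match($blockedCalls, $value)) {
                    continue;
                }

                // The emitted value is the normalised original, not the decoded copy;
                // only "#hex" colour tokens are rewritten through the class callback.
                $attrValue = preg_replace_callback('/\\#([0-9ABCDEFabcdef]{3,6})[\\;]*/', array($this, 'color_hex2rgb_callback'), $attrValue);
            } elseif ($attrValue !== '0') {
                // Empty or missing value: the attribute name doubles as the value; a literal "0" is kept.
                $attrValue = $attrName;
            }

            $newSet[] = $attrName . '=[@{' . $attrValue . '}@]';
        }

        return $newSet;
    }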